ChatGPT file uploading does not work due to Sophos EndPoint

Hi Rafael,

Thanks for reaching out to the Sophos Community Forum. 

Checking through some previous support cases, I see that some customers have had success in adding the same type of exclusion as you have. If not all users require access to ChatGPT, you may want to add the scanning exclusion of the type "Website" to a specific Threat Protection policy that applies to the desired users. 

I suggest testing with an incognito or in-private-browsing window to ensure website caching does not affect the results you're seeing when testing. 

Do let me know if you continue to experience issues when testing this way. 

Hi Rafael,

Thanks for reaching out to the Sophos Community Forum. 

Checking through some previous support cases, I see that some customers have had success in adding the same type of exclusion as you have. If not all users require access to ChatGPT, you may want to add the scanning exclusion of the type "Website" to a specific Threat Protection policy that applies to the desired users. 

I suggest testing with an incognito or in-private-browsing window to ensure website caching does not affect the results you're seeing when testing. 

Do let me know if you continue to experience issues when testing this way. 

No luck! Only disabling Sophos EndPoint is the only way I can upload files to ChatGPT. This is not an option. If I do not get any answer from the community in 1 or 2 days I will open a ticket with Sophos Support. For now I will manually disable Sophos EndPoint when I use ChatGPT since I am the biggest power user in the company and the Sophos Central admin.

If you open the dev tools of the browser and look at the network activity. Add the domain column and retry the upload, do you see a failing request, to what domain? 

Thanks for pointing me out in that direction. I added files.oasisusercontent.com to the Global Exclusions and now I can upload. Btw my list of global exclusions is growing big. Soon I will need to add all the websites our staff visits because for some reason Sophos blocks it. Why is that?

Hard to say, it depends what the domain is categorized as and what your web control policy might be. If you tail the SophosNetFilter.log when reproducing the issue that might help:

gc 'C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\SophosNetFilter.log' -wait -tail 1 | ogv

You can presumably search for the domain in the filter at the top. Does the decision show it not to be allowed?

The problem is you have the main page, in this case chatgpt.com, which loads resources from other domains.  These other domains may have a different category to the main page.  So the main page could be allowed the other domains not.  In this case, it's a non visible element so the response could be a block which would be silent. Then you have block and warn as an option which could disrupt the data.

Maybe the log would make it clearer?  Presumably if web control was off it would work?  Web Control and Web Protection use the same inspection method. I doubt just web protection being on would cause the issue. I'm sure it will be web control.

Are you blocking/warning on uncategorised for example.  That could be awkward?  Also, are you using decrypt TLS in the Threat Protection policy.  Is the product seeing the full URL?
Thanks.

Thanks for the detailed explanation, I will play around with it when I have some time. I left the policies intact (default out of the box) since the Sophos Pro Team told me that was good when we initially setup our system. Maybe the out of the box policies are too restrictive? Which makes no sense because our public Wifi doesn't apply any web or SSL scanning and ChatGPT didn't work there either (until I added all the related domains to the global exclusions).

At some point in time.....Sophos needs to have an Ai category that encompasses all the Ai. 

Not being able to find a blocked site in any events or log files in Sophos is problematic and should inherently be part of the logging.  Shouldn't need to reproduce issue.  This thread is case and point.....Just imagine how many hours Sophos could have saved us admins if the events actually showed the blocked site....... AND had a button/option with the event to whitelist the site...... 

I would say that this is a bug and it's not blocked based on a decision.

If I look in the Developer tools when it fails, 


When it works:

Can you see if the issue is with the request to:
https://chatgpt.com/backend-api/files/process_upload_stream
Do you see that the response to this request fails when Sophos web protection is enabled?

I think this needs to be a support ticket as there is an issue.

I see in the SophosNetFilter.log:

2024-10-24T18:01:32.477Z [ 1644: 6836] W Exception: Unexpected content from server (Unsupported server-sent event (SSE)) -- unexpected format

Do you see this error as well?